OpenCVE

In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mediatek	En7528 En7528 Firmware En7580 En7580 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:mediatek:en7580_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:en7580:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mediatek:en7528_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:en7528:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-acknowledgements

History

No history.

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2023-02-06T00:00:00

Updated: 2024-08-03T23:03:33.370Z

Reserved: 2021-04-22T00:00:00

Link: CVE-2021-31574

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-06T22:15:09.270

Modified: 2024-11-21T06:05:55.970

Link: CVE-2021-31574

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:en7580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CA71010-AB02-4144-BEAD-78E3E2083242", "versionEndExcluding": "tlm7.3.275.0-82", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:en7580:-:*:*:*:*:*:*:*", "matchCriteriaId": "061DBB68-80AF-4016-AAE0-EE9DFDFB341B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:en7528_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6E9A131-DCCC-406C-9134-E026D14E5D34", "versionEndExcluding": "tlm7.3.275.0-82", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:en7528:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD990C82-4C61-479B-A49F-11A3C0812AC5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234."}, {"lang": "es", "value": "En Config Manager, existe una posible inyecci\u00f3n de comando debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada remota de privilegios por parte de un atacante pr\u00f3ximo sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: A20210009; ID del problema: OSBNB00123234."}], "id": "CVE-2021-31574", "lastModified": "2024-11-21T06:05:55.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-06T22:15:09.270", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-acknowledgements"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-acknowledgements"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}